[KB380] Generate a Windows memory dump manually

Issue

  • ESET Technical Support has asked you to generate a memory dump file for analysis to help them resolve an issue with your computer

Solution

Use caution

Only perform the steps below if you have been advised to do so by ESET Technical Support.

  1. Prerequisites
  2. Configure memory dump settings
  3. Generate a memory dump manually

I. Prerequisites


II. Configure memory dump settings

  1. Press the Windows key + R. In the Open field, type sysdm.cpl and click OK.

  2. Click Advanced. In the Startup and Recovery section, click Settings.

  3. In the Write debugging information section, select Complete memory dump. In the Dump file section, type the applicable location. The %SystemRoot% string is a Microsoft Windows variable that stands for the root directory of your Microsoft Windows installation. Typically, the default value is C:\Windows.

    The complete memory dump option is unavailable

    If the Complete memory dump option is unavailable:

    1. Press the Windows key + R. In the Open field, type regedit.exe and click OK.

    2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl.

    3. Double-click CrashDumpEnabled. In the Value data field, type 1.

    4. Click OK.

    5. Restart the computer.

  4. Bookmark this article before you continue and then click OK to restart your computer. After your computer restarts, proceed to Part III below to manually generate a memory dump.


III. Generate a memory dump manually

Use caution when editing the registry

Only make the edits specified below to the system registry. Unnecessary changes to the registry can negatively affect system performance.

  1. Press the Windows key + R. In the Open field, type regedit and click OK.

  2. In the Registry Editor window, open the applicable Parameters folder for your keyboard type:

      • USB keyboard users: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
      • PS/2 keyboard users: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters

  3. In the right pane, right-click and select New DWORD or DWORD (32-bit) Value depending on your operating system.

  4. Right-click the new value and select Modify.

  5. In the Value name field, type CrashOnCtrlScroll. In the Value data field, type 1 and click OK.

  6. Close Registry Editor and restart your computer.

  7. After your computer has restarted, wait until your issue is active or visible on the screen and then generate the memory dump. Press and hold the right CTRL key (you must use the right CTRL key) and then press the Scroll Lock key twice.

  8. The Windows forced crash dialog runs, and a memory dump is generated. Your computer may restart as a result.

  9. After your computer has restarted, open the system's root directory (C:\Windows by default) and locate the MEMORY.DMP file. ZIP (compress) the memory dump file.

  10. Respond to the last email from your case with ESET Technical Support and notify them that you are ready to submit your memory dump file. An ESET Technical Support agent will contact you with instructions to submit the file for analysis.

  11. In most cases, ESET Technical Support will request your SysInspector log, in addition to a memory dump.
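
The settings from Parts II and III can be confirmed before you press the key sequence in Part III, step 7. The PowerShell script below is an added example, not ESET's own tooling; it only reads the registry keys named in this article. The DumpFile value name and the free-space comparison (a complete dump is assumed to be roughly the size of installed RAM) are assumptions not stated in the article.

```powershell
# Added example: read-only check of the settings from Parts II and III.
# Run it after the restart in Part III, step 6. Nothing is modified.
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$keyboardKeys = [ordered]@{
    'USB (kbdhid)'    = 'HKLM:\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters'
    'PS/2 (i8042prt)' = 'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters'
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function New-Result {
    param([string]$Check, $Value, [bool]$Ok)
    [pscustomobject]@{ Check = $Check; Value = $Value; OK = $Ok }
}

$results = @()

# Part II: CrashDumpEnabled = 1 selects "Complete memory dump".
$mode = Get-RegValue $crashControl 'CrashDumpEnabled'
$results += New-Result 'CrashDumpEnabled is 1' $mode ($mode -eq 1)

# Part II: dump file location (assumed value name: DumpFile).
$raw = Get-RegValue $crashControl 'DumpFile'
$dumpFile = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }
$results += New-Result 'Dump file location is set' $dumpFile ([bool]$dumpFile)

# Added check (assumption): free space on the dump volume >= installed RAM.
if ($dumpFile) {
    $ramBytes  = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory
    $freeBytes = (Get-PSDrive -Name $dumpFile.Substring(0, 1)).Free
    $results += New-Result 'Free space covers installed RAM' `
        ('{0:N1} GB free, {1:N1} GB RAM' -f ($freeBytes / 1GB), ($ramBytes / 1GB)) `
        ($freeBytes -ge $ramBytes)
}

# Part III: CrashOnCtrlScroll = 1 under the key for your keyboard type.
foreach ($kb in $keyboardKeys.GetEnumerator()) {
    $v = Get-RegValue $kb.Value 'CrashOnCtrlScroll'
    $results += New-Result "CrashOnCtrlScroll, $($kb.Key)" $v ($v -eq 1)
}

$results | Format-Table -AutoSize
```

A row with OK set to False points to the step that needs to be repeated; only the CrashOnCtrlScroll row that matches your keyboard type has to be True.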